Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: sysco (1 article)Clear

ShinyHunters leaks Sysco data with 2.7 million email addresses after extortion

Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.

Check
People and businesses dealing with Sysco should check Have I Been Pwned for affected emails and stay alert to phishing or invoice fraud that references Sysco accounts, orders, or deliveries.
Affected
Sysco staff, customers, and partners whose email addresses and corporate contact details were exposed (2,691,852 indexed); the data supports targeted phishing and business email compromise against the food-distribution supply chain.
Fix
Treat unexpected Sysco-themed emails with caution, verify payment or account changes through known contacts, enable phishing-resistant MFA, and brief staff and partners on the heightened phishing risk from this exposure.